Commit cd8ee4d9 authored by o@immerda.ch's avatar o@immerda.ch
Browse files

avoid post urls without get

I understand the idea of not mixing controller function for multiple
things. but I also think that having post urls, which cannot be get
(even they do have a sensible meaning) is not nice.

especially for the signup process, I would assume, that if you hit
enter in the url bar, you would loose all data in the form, but still
get to the same signup page.

therefore i added the token as part of the url and the post goes to
'/signup/:token'. when you get that url, you can restart signup
with the same token.
parent 1871722e
class SignupController < ApplicationController
def new
if @token
render 'create'
end
end
def verify
if @token
# on by default
@enable_trees = true
render 'create'
else
redirect_to '/signup'
render 'token'
end
end
......@@ -66,7 +62,9 @@ class SignupController < ApplicationController
flash[:notice] = :invalid_alias_domain
end
end
private
def authorize
@token = nil
token_to_validate = params[:token]
......
<h3><%= t :new_account %></h3>
<%= form_tag("/signup/create", method: "post") do %>
<%= form_tag("/signup/#{@token}", method: "post") do %>
<table>
<tr><td>
<%= label_tag(:email, (t :email)) %>
......@@ -64,7 +64,6 @@
</p>
<p>
<%= hidden_field_tag(:token, '', value: @token) %>
<%= submit_tag(t :create) %>
</p>
<% end %>
<h3><%= t :new_account %></h3>
<%= form_tag("/signup/verify", method: "post") do %>
<%= form_tag("/signup", method: "post") do %>
<%= label_tag(:token, (t :invite_token)) %>
<%= text_field_tag(:token) %>
<%= submit_tag(t :submit) %>
......
......@@ -20,9 +20,10 @@ Rails.application.routes.draw do
post '/login', to: 'sessions#create'
get '/logout', to: 'sessions#destroy'
get 'signup', to: 'signup#new'
post 'signup/verify', to: 'signup#verify'
post 'signup/create', to: 'signup#create'
get 'signup', to: 'signup#new'
post 'signup', to: 'signup#new'
get 'signup/:token', to: 'signup#new'
post 'signup/:token', to: 'signup#create'
root to: 'index#show'
get '/index', to: 'index#show'
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment